package com.cskaoyan.login;

import com.cskaoyan.utils.JDBCUtils2;

import java.sql.*;

/**
 * 创建日期: 2022/07/26 14:56
 *
 * @author ciggar
 *
 * 登录的案例
 *
 */
public class LoginDemo {


    public static void main(String[] args) throws SQLException {

//        Boolean ret1 = login("changfeng", "xxx");

//        Boolean ret2 = login("lJflksnfkl", "xxx' or '1=1");

        // select * from user where username = 'xxx' and password = 'xxx' or '1=1'





//        Boolean ret2 = loginUsePreparedStatement("changfeng","xxx");

        Boolean ret2 = loginUsePreparedStatement("lJflksnfkl", "xxx' or '1=1");

        if (ret2) {
            System.out.println("登录成功！");
        }else {
            System.out.println("登录失败！");
        }

    }


    // 登录的方法
    public static Boolean login(String username,String password) throws SQLException {

        // 获取连接
        Connection connection = JDBCUtils2.getConnection();


        // 创建Statement
        Statement statement = connection.createStatement();


        // 执行SQL语句
        // select * from user where username = xxx and password = xxx
        String sql = "select * from user where username = '"+username+"' and password = '"+password + "'";
        System.out.println("sql:" +sql);
        ResultSet resultSet = statement.executeQuery(sql);


        // 判断结果集是否存在数据
        if (resultSet.next()) {
            return true;
        }else {
            return false;
        }


    }


    // 登录的方法（PreparedStatement）
    public static Boolean loginUsePreparedStatement(String username,String password) throws SQLException {

        // 获取Connection
        Connection connection = JDBCUtils2.getConnection();


        // 获取PreparedStatement
        String sql = "select * from user where username  = ? and password = ?";
        // 创建PreparedStatement的时候，JDBC会把这个SQL语句发送给MySQL服务器，
        // 让MySQL服务器对SQL语句进行预编译，后续再传过来的这些参数就不会参与编译了，只会被MySQL当成纯字符串来处理了
        PreparedStatement preparedStatement = connection.prepareStatement(sql);


        // 设置参数
        preparedStatement.setString(1,username);
        preparedStatement.setString(2,password);


        // 发送参数，获取结果集
        ResultSet resultSet = preparedStatement.executeQuery();


        // 判断结果集是否存在数据
        if (resultSet.next()) {
            return true;
        }else {
            return false;
        }

    }
}
